I have an openfire server (3.10.2) configured with TLS required. When running a ssl analyzer (sslyze) i have the following ouput:
VULNERABLE - Server honors client-initiated renegotiations
As i understand there is a vulnerability that allows a DoS attack using the TLS renegotiation.
I searched the documentation but couldn’t find any relevant data.
Is there a way (or workaround) to disable this on openfire?
Openfire : 3.10.2 (same occurs in current release -> 4.0.4)